Point Comreadiness at any repository. In under an hour it returns an evidence-backed Release Readiness Index — every finding cited to the line, every control attested, and the verdict sealed in a certificate any counterparty can independently verify.1
The same evidence trail answers a different question depending on where you sit — buying, building, or accountable for the result.
A first-pass technical screen on any target's GitHub — before you spend a partner's afternoon or an advisor's invoice on it.
Run the same assessment an acquirer would on your own codebase. Fix what matters before the partner meeting; ignore the rest with receipts.
Engineering, security, and platform leads get an objective, repeatable read on readiness — with the evidence to back every number when someone pushes.
We instrument the technical-readiness portion of diligence so the partner spends their hour on the founder, not the codebase.
Install the read-only GitHub connector (Personal Access Token, scoped to read). Link one repository or an entire organisation. We never clone, publish, or retain source after assessment. Revocable in one click.
Read moreWe run 100+ deterministic rules and 30 AI specialist agents against the framework you choose. Every finding cites a control code; code-pattern findings additionally cite a file location (with a line range when the agent can pinpoint it). The rule layer is fully reproducible run-to-run.
Read moreInvestor-grade report with executive summary, maturity matrix, blocker queue, and remediation workbook. Re-run quarterly to track movement against itself.
Read moreMost tools generate output. We narrow it. Each framework is a structured rubric of controls, run by specialist agents against real evidence. Modular rule packs by language, framework, deployment target, or compliance regime.
| № | Framework | Lens | Scope |
|---|---|---|---|
| FW.01 | Technical Due Diligence Architecture · Documentation · Testing maturity | Investor / acquirer | 23 controls |
| FW.02 | Commercial SaaS Packaging · Onboarding · Multi-tenant isolation | Launch readiness | 51 controls |
| FW.03 | Enterprise Release Governance · Rollback · Operational resilience | Deployment readiness | 18 controls |
| FW.04 | Security Baseline IP & licensing · Secrets · Authorisation | Posture & provenance | 25 controls |
Restraint is the feature. Tools that promise everything decide nothing. We compress the technical-readiness portion of diligence and stop there. Knowing where the line is is what makes the signal worth trusting.
A single model has a single bias. For a decision this consequential, run a panel — several LLMs assess the same evidence independently, and we reconcile them. Agreement is signal. Disagreement is where the real questions live.
Models agree the architecture is sound; they split on tenant isolation — GPT-4o flagged it a blocker, the others did not. The evidence (a shared DB schema with no row-level scoping) supports the stricter call. Verify before launch.
Pick the models — our managed Claude and GPT, or bring your own key for Gemini, DeepSeek, Mistral, or a self-hosted endpoint. Each one scores the same evidence on its own.
We line the verdicts up: where the models agree you can move; where they diverge — a score gap, a disputed blocker, a finding only one model saw — we surface it precisely.
A final pass rationalises the disagreement: why the models differ, which call the evidence best supports, and the next step to settle it. Not one opaque score — a reconciled one.
Managed models run under your plan's cost cap. Bring-your-own keys are encrypted at rest and run on your own quota — including private, self-hosted models for sovereign deployments.
“I don’t need more data. I need to know which five percent matters. That’s what they give me, every quarter, on every company I back. Same investor-grade rigour, same evidence trail, same place to argue with the score.”
Every company you back, side-by-side. Maturity band, risk level, score delta since last quarter.
Quarterly re-runs surface movement. Know which companies are levelling up, which are sliding.
Spot which companies in your portfolio are commercially exposed before the board meeting, not in it.
Clean HTML report with executive summary, KPIs, matrices, and a remediation queue. Built for LPs, not engineers.
Run the same investor-grade assessment on your own codebase. Quarterly self-DD. Decide which technical debts matter enough to ship before the partner meeting. Ignore the rest with receipts in your back pocket.
See your score before the partner meeting. Walk in with the receipts, not the surprises.
Find what they will flag, before they flag it. Same rules, same agents, same evidence trail.
Quarterly self-DD so technical debt does not compound silently between board reviews.
Hand new engineers a structured tour of the system, with the rough edges already labelled.
Engineering, platform, and security leads carry the readiness question between reviews. We make it objective, repeatable, and documented — so “are we ready?” has an answer with an audit trail, not a vibe.
A repeatable read on readiness that doesn't move with whoever's in the room. Re-run it quarterly and watch the line, not the mood.
Every number traces to a control and a cited file. When the board pushes back, you have the receipt, not an opinion.
Run the assessment across multiple models and we show you where they agree, where they don't, and which call the evidence supports.
Hand a new engineer a structured tour of the system — with the rough edges already labelled and prioritised.
Every assessment ships distinct deliverables, each built for a different audience — partners, founders, engineers, LPs, auditors — led by a signed, independently-verifiable certificate.
A signed Release Readiness certificate with a public verify link. An investor confirms the score is authentic and untampered without re-running anything — and it can't be doctored after the fact.
A full software bill of materials with every dependency's licence classified — permissive, copyleft, or prohibited — so GPL/AGPL contamination surfaces before a deal does, not after.
How much of the codebase shows AI-authorship signals, and whether that AI use is governed — the provenance and IP question every 2026 acquirer now asks.
One page. Board-ready. Plain English score, the three things to fix, the three things working.
Full report with file citations on every code-pattern finding (with line range when the agent can pinpoint it). The evidence behind the score.
Quick wins and effort estimates. The list a CTO can hand to their team on Monday morning.
Machine-readable action plan. Feed it to your in-house coding agent or copy-paste into Cursor.
Maturity scoring across architecture, testing, ops, security, and documentation lenses.
Every rule evaluated, every evidence item cited. So your IC has nothing to argue with the auditor about.
When you run a panel: every model's verdict side by side, where they agree and diverge, and the arbiter's reconciliation. Trust the number because you can see the disagreement.
A compliance record of what data was looked at, what happened to it, and what was sent where — without exposing prompts. Built for GDPR Art. 30, SOC 2, and ISO 27001 reviews.
Machine-readable findings and evidence. Pipe it into your own tooling, BI stack, or LP dashboard.
Three subscription tiers, plus Sovereign on the roadmap for self-hosted deployments where source can't touch a third-party LLM. AI cost is BYOK today: bring your own Anthropic or OpenAI key, capped per assessment so spend stays predictable.
Solo angels & scouts · BYOK
Join the waitlistFunds & family offices · BYOK or managed
Join the waitlistPE, multi-fund, M&A · all managed
Join the waitlistRead-only GitHub connector. We never clone, publish, or retain source after assessment.
Your code and findings are never used to train AI models, ours or the providers'.
Every finding cites a control; code-pattern findings cite a file location (with a line range when the agent can pinpoint it). No opaque AI scores.
Bring any repository you have read access to. We'll run a live assessment with you. We won't be the loudest tool in your inbox. We'll be the one that earns the second meeting.